-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include original request params on /token request in acquireTokenInteractive #5403
Conversation
Codecov Report
*This pull request uses carry forward flags. Click here to find out more.
|
@@ -17,6 +17,7 @@ export const TEST_CONSTANTS = { | |||
REDIRECT_URI: "http://localhost:8080", | |||
CLIENT_SECRET: "MOCK_CLIENT_SECRET", | |||
DEFAULT_GRAPH_SCOPE: ["user.read"], | |||
DEFAULT_OIDC_SCOPES: ["openid", "profile", "offline_access"], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would it be better to import this from msal-common (OIDC_DEFAULT_SCOPES
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Curios how this didn't become apparent before -is it because the scopes passed to getAuthCodeUrl() would be consented by the user and later on acquireTokenSilent calls would succed using the RT.. 😕
It's a new feature, not sure how much usage it has gotten yet. |
🎉 Handy links: |
A bug in
acquireTokenInteractive
resulted in providedscopes
and other request parameters being ignored on the/token
request. This PR ensures that the/token
request parameters match the parameters from the/authorize
requestFixes #5390